* NOTE: "-" and "/" can be used interchangeably




1. Dir

- list all files inside current or specified directory

dir /a:h    - shows ONLY hidden files

* Note: d = directories | h = hidden files | s = system files | L = reparse points | r = read only files | a = files ready for archiving | i = not content indexed files

dir /b  - bare format; shows ONLY file names. No size, date, time, etc
dir /d  - similar to bare option, but places all files in block structure and places folder information at bottom
dir /o  - shows all files in a specified order
dir /p  - pauses after every screenful of info
dir /q  - shows all files and their owners
dir /s  - shows all files in specified directory and all subdirectories



3. ipconfig 

/all    - shows detailed IP configuration
/release    - releases all connections
/flushdns   - cleans out the DNS Resolver cache
/renew  - requests an IPv4 address



4. ping

/t = ping until YOU stop it
/n = NUMBER of pings
/4 = use IPv4
/6 = use IPv6



5. tracert (Windows) | traceroute (Linux/Mac OS)

- traces the path from one network to another; router to router

* NOTE: It allows us to diagnose the source of many problems


tracert URL

[Example: tracert google.com]

tracert -4 -h NUMBER URL

- forces IPv4 output (instead of IPv6) and limits the hops to NUMBER

[Example: tracert -4 -h 10 www.google.com]



6. netstat

netstat

- shows all the connections between your PC and any other PC

- displays protocol statistics and current TCP/IP network connections; just outputs Active Connections

6B. netstat -na

- outputs all connections and listening ports; and places the addresses and port numbers in numerical form
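
Added example (not part of the original notes): a small Python parser for "netstat -na" output that lists the sockets listening on every interface, which is the usual reason to run the command during a host review. The sample output and the names parse_netstat / exposed_listeners are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port remote state")

# Constructed sample of Windows "netstat -na" output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::1]:49670            [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    127.0.0.1:1900         *:*
"""

WILDCARD = {"0.0.0.0", "[::]"}  # local address meaning "bound on every interface"


def parse_netstat(text):
    """Turn netstat -na rows into Conn tuples; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        addr, _, port = fields[1].rpartition(":")  # last colon, so "[::]" stays intact
        if not port.isdigit():
            continue
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state column
        conns.append(Conn(fields[0], addr, int(port), fields[2], state))
    return conns


def exposed_listeners(conns):
    """Wildcard-bound TCP listeners and UDP sockets, de-duplicated across IPv4/IPv6."""
    hits = set()
    for c in conns:
        listening = c.state == "LISTENING" or c.proto == "UDP"
        if listening and c.local_addr in WILDCARD:
            hits.add((c.proto, c.local_port))
    return sorted(hits)


if __name__ == "__main__":
    for proto, port in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"{proto} {port} listens on all interfaces")
```

On a live system, save the output with "netstat -na > ports.txt" and pass the file contents to parse_netstat.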



7. nslookup

nslookup

- enables you to determine exactly what information the DNS server is giving you about a specific host name

[Example: nslookup www.google.com] or nslookup 8.8.8.8



8. shutdown

* NOTE: shuts down, reboots, or logs out of PC. Timers can only be set for shut downs and reboots

* NOTE: shutdown /a will abort shutdown that was scheduled


8. "shutdown -s -m \\REMOTE-PC-NAME"

- this will shutdown a remote system on the SAME NETWORK

-s = Shutdown
-m = machine; specify the name of the machine target


8B. "shutdown /s /d p:4:2"

- this shuts down the pc with no timeout or warning and the reason provided is the result of an app installation

/s = shutdown
/d = provide the reason for the shutdown/restart
p:x:x = 4 is the major category; means a new app installed and 2 is the minor category


8C. "shutdown /s /t 0"

- immediate shutdown
/s = shutdown
/t = the time interval in seconds (value)


8D. "shutdown /g"

- shuts down the pc but will attempt to restore the apps that were open at the time of the shutdown. Most apps will automatically reopen when the system restarts

* NOTE: If "Automatic Restart Sign-On" is ENABLED, the PC will automatically sign in and lock the last interactive user


8E. shutdown -r -t SECONDS -m \\REMOTE-IP

[Example: shutdown -r -t 0 -m \\10.10.100.102]

- this will send a message to reboot a remote machine

-r = full shutdown and RESTART (reboot)

-t = time in seconds

-m = machine; name of the PC/Server




9. DISM 


9B. DISM /Online /Cleanup-Image /CheckHealth

- verifies whether any corruption has been detected. Cannot repair any problems though


9C. DISM /Online /Cleanup-Image /ScanHealth

- scans the Windows image for any corruption

- similar to CheckHealth, but this can take up to 10 minutes to finish


9D. DISM /Online /Cleanup-Image /RestoreHealth

- scans the Windows image for any corruption and performs repairs automatically

- can take up to 20 minutes to finish

- sometimes gets stuck at 20%-40%, but this is normal and will continue shortly


9E. dism /online /get-features

- outputs all Windows features and shows their current status (enabled/disabled)


9F. dism /online /enable-feature /featurename:NAME /all

- enables the specified Windows feature


9G. dism /online /disable-feature /featurename:NAME

- disables the specified Windows feature



10. sfc (System File Check)


10B.  sfc /scannow

- scans the INTEGRITY of ALL protected system files and replaces incorrect versions with the correct Microsoft versions

	

    *** Offline SFC Scan ***

1. after booting from repair disk or Windows PE disk go to the terminal and type in:

2. bcdedit

- verify the drive that has Windows installed on it (Windows Boot Loader; partition=LETTER:\Windows)

3. sfc /scannow /offbootdir=C:\ /offwindir=D:\Windows




11. chkdsk

chkdsk DRIVELETTER:

- checks a disk and displays status report

12B. "chkdsk DRIVELETTER: /f /r /v"

- F = automatically fixes file system errors on the disk
- R = scans for and attempts recovery of bad sectors
- V = displays the full path and every file on the disk
- X = forces the volume to dismount first if necessary (in use). This will require a reboot;

* NOTE: Repairs 1. Cross-linked files 2. Bad clusters 3. Directory structures

* NOTE: CAN NOT remove malware
* NOTE: DOES NOT repair FRAGMENTED files; that is what the "Defrag" tool does




    *** Diskpart ***


10. diskpart

- this enters its command interpreter and enables you to manage objects (disks, partitions, or volumes) by using scripts or direct input from a command prompt. Before using, you must first LIST and then SELECT the object to give it focus.

Step 2: list disk

- this displays a list of disks and info about them, such as their size, amount of available free space, whether the disk is a basic or dynamic disk, and whether the disk uses the master boot record (MBR) or GUID partition table (GPT) partition style. The disk marked with an asterisk (*) has focus.

10B. select disk NUMBER-OF-DISK

- this specifies disk and places focus on it

- if selecting a hard drive use "select disk NUMBER"

- if selecting a mini SD card or flash drive use "select volume NUMBER"

10C. list volume

- this displays a list of basic and dynamic volumes on all disks

10D. attributes disk

- reads out the attributes of the selected disk/volume

10E. attributes disk clear readonly

- this clears the "read-only" attribute




13. taskkill 

* NOTE: Use "tasklist" to display the list of currently running process/tasks

taskkill /im PROGRAM.EXE

/im = Image name; specifies the image name of the process to be terminated; wildcards can be used to specify all tasks or image names

- terminates tasks/program by image name

1B. taskkill /pid 1234 /t

/pid = Process ID; specifies the PID of the process to be terminated
/t = terminate; terminates the specified process and any child processes which were started by it

- terminates tasks/programs and any child processes which were started by it

1C. taskkill /pid 1234 /t /f

/f = Forcefully; specifies to forcefully terminate the specified process(es)

- is much more powerful




14. gpupdate

* NOTE: Group policies are the cornerstone of security settings for Windows systems

gpupdate /force

- puts newly set policies to work immediately (instead of having to reboot PC or have user log off and back on)



15. gpresult

* NOTE: Gives quick overview of all security policies applied to a single user or computer on your network

gpresult /user USER /r

/r = display RSoP summary data




16. format

format LETTERDRIVE:

- formats a disk [default is NTFS]

[Example: format /q /fs:exfat k:]

/fs: = File System; FAT, FAT32, exFAT, NTFS, UDF, ReFS

/q = Quick Format; performs a quick format on the specified drive


6b. format /q DRIVE:

- this performs a QUICK FORMAT on specified drive



3. bootrec

bootrec /fixmbr

- troubleshooting that fixes the Master Boot Record

- this command must be run from System Recovery/Windows PE (before OS fully loads)

* NOTE: The MBR knows about all of the disk partitions, the location of the active bootable partition

* NOTE: Common MBR problems: Error loading the OS, Missing OS, Invalid partition table


3B. bootrec /fixboot

- this command writes a new boot sector

* NOTE: starts the OS bootloader (Win 7/8/8.1)

* NOTE: Common Boot Manager problems: Boot Manager is Missing, NTLoader is Missing


3C. bootrec /rebuildbcd

- rebuilds the menu system (pre login screen)

* NOTE: BCD = Boot Configuration Data





5. del

del /f FILE

- force deletes FILE

/f = force deleting of read-only files

5B. del /s /q FILE(s)

- deletes all FILE(s) from all subdirectories
- suppresses the prompt asking for delete confirmation

/s = delete specified files from all subdirectories
/q = specifies quiet mode; you are not prompted for delete confirmation








    *** Copy, XCopy, Robocopy ***


7. copy FILENAME DIRECTORY
- copies file to chosen directory




8. xcopy SOURCE DESTINATION

- copies entire directory into another directory
- ONLY copies files NOT SUBFOLDERS
- will need to include "/s" to include SUBFOLDERS

9B. xcopy DIRECTORY DIRECTORY

- copies entire directory into another directory
- ONLY copies files NOT SUBFOLDERS
- NOTE: xcopy does NOT copy hidden files/folders/system files, so you need to use the "/h" to include them

9C. xcopy /a DIRECTORY:\PATH\* DESTINATION:\PATH

- copies all files with the "archive" attribute; doesn't change the attribute

/a = copies only files with the archive attribute set

9D. xcopy /m DIRECTORY:\PATH\* DESTINATION:\PATH

- similar to 9C (xcopy /a); copies only files with the archive attribute set and then removes the archive attribute from files in DIRECTORY, which tells the system that the files have not changed since the last backup. This is verified by running the "xcopy /a ..." command again; no files should copy over

9E. xcopy /d:MM-DD-YYYY DIRECTORY:\PATH\* DESTINATION:\PATH

- copies all files that match the MM-DD-YYYY format from DIRECTORY to DESTINATION

[example: xcopy /d:01-22-2018 c:\users\dredubb\downloads\* f:\windowns_backups\]

9F. xcopy /s DIRECTORY:\PATH\* DESTINATION:\PATH

/s = copies directories and subdirectories EXCEPT EMPTY ONES

- this copies all files AND subdirectories in DIRECTORY:\PATH and copies them to DESTINATION:\PATH
- this will NOT copy EMPTY directories/subdirectories

9G. xcopy /e DIRECTORY:\PATH\* DESTINATION:\PATH

/e = copies directories and subdirectories INCLUDING empty ones

9H. xcopy /p DIRECTORY:\PATH\* DESTINATION:\PATH

/p = prompts you before creating each destination file

- this prompts you for every copy or overwrite

9I. xcopy /v DIRECTORY:\PATH\* DESTINATION:\PATH

/v = verifies the size of each file

- this verifies each file after it has been copied over

9J. xcopy /w DIRECTORY:\PATH\* DESTINATION:\PATH

/w = prompts you to press a key BEFORE starting copy process

- this waits until you press ANY KEY before continuing the copy

- this is good for scripts and in case you run into a scenario where there's no more space; you can insert a USB/external drive

9K. xcopy /a /e /k SOURCE:\*.*

/a = copies only files with the archive attribute set
/e = copies directories and subdirectories, including empty ones
/k = copies attributes; normally xcopy will reset read-only attributes

- make sure you're in the destination directory you want to copy the files/folder TO BEFORE running this command; or simply add the destination to the end of the command
[example: xcopy k:\*.* /a /e /k c:\users\dre\desktop]

- can also specify directories and subdirectories to copy over instead of the entire drive

- this copies EVERYTHING located in the DIRECTORY on the SOURCE drive to your CURRENT directory (or specified destination)




10. robocopy SOURCE DESTINATION

- copies files ONLY in SOURCE to new DESTINATION; no subdirectories will be copied

* NOTE: Robocopy replaces xcopy; by default it performs "*.*" (all files and subdirectories in the specified directory)

7B. robocopy /e DIRECTORY DESTINATION

- copies the entire DIRECTORY along with its subdirectory/subdirectories

* NOTE: this also works just like the /mir tag (mirrors the DIRECTORY to DESTINATION)

/e = copy subdirectories; INCLUDE EMPTY ones


7C. robocopy DIRECTORY DESTINATION /copyall

- copies DIRECTORY + all files info (attributes); does not copy subdirectories

7D. "robocopy DIRECTORY DESTINATION /b"

- copies DIRECTORY to DESTINATION in backup mode (which ONLY saves files that are NEW or OLD files that HAVEN'T been updated)

/b = Backup Mode; 

7E. "robocopy DIRECTORY DESTINATION /zb"

/z = copy files in "restartable mode"; gives you details if something goes wrong and will try to restart the copying process again

/b = copy files in "backup mode"

/zb = use "restartable mode" and if that is denied, use "backup mode"

- copies DIRECTORY to DESTINATION and uses Restart Mode, but if it's interrupted, it will use Backup mode instead

[Example: robocopy . \\dc-1\downloads *africa* /r:3 /w:10 /zb]

7F. "robocopy DIRECTORY DESTINATION /R:NUMBER /W:SECONDS"

/r: = number of retries on failed copies [default is "1"]

/w: = wait time between retries [default is 30-seconds]

- copies DIRECTORY to DESTINATION and if it's interrupted, it will retry NUMBER times and wait SECONDS in between retries

7G. "robocopy DIRECTORY DESTINATION *FILE-EXTENSION*"

- copies all FILE-EXTENSION files from DIRECTORY to DESTINATION

7H. robocopy /xo DIRECTORY DESTINATION

/xo = exclude older files

- this excludes files that are ALREADY existing in the DESTINATION

7I. robocopy /log:PATH\FILE.txt SOURCE DESTINATION

/log: = outputs status to FILE.txt (will overwrite existing FILE.txt if one is present in same PATH)

/log+: = the same as above, BUT will APPEND to the existing FILE.txt if one is present in same PATH





    *** Net USE and USER ***

18. net use

net use DRIVELETTER: \\SERVER

- maps \\SERVER to specified DRIVELETTER:

[Example: net use f: \\10.10.10.111] or net use f: \\DPCT-Files


18B. net use DRIVE: /delete

- removes mapped drive




19. net user

net user USERNAME PASSWORD /add

- creates USERNAME and sets the password to PASSWORD

* NOTE: To add user to a group use: net localgroup GROUP USERNAME /add

18b. net user USERNAME /delete

- deletes specified user


    *** Net USE and USER </end> ***


20. CACLS

- enables you to edit NTFS (ACL) permissions
